Subject: RE: Patent-based dual-licensing open source business model
From: Brian Behlendorf <>
Date: Wed, 13 Sep 2006 15:24:47 -0700 (PDT)

On Wed, 13 Sep 2006, Lawrence Rosen wrote:
> Let me put it this bluntly: An open source license (such as Apache) may 
> allow secret commercial modifications but our Covenant does not. Our 
> Covenant controls our patents. That is on purpose. That is consistent 
> with *our* broad philosophical goals regarding the sharing of knowledge 
> so that everyone can benefit from improvements to patented technology.

I think it's a very reasonable position, but I was still confused even 
after the discussion of the term "use" about a couple of things:

a) Open source copyright licenses care almost exclusively about 
redistribution - this license cares about use.  Only the APSL, as far as I 
can recall, places requirements upon actions that don't involve 
redistributing a copy of the code to someone else - if you modify it and 
deploy it to someone over the net, you have to give that someone your 
modifications plus the original source.  Here, it sounds like even if I 
modify it for my company's internal use exclusively, I still have to 
either license or redistribute publicly - something not even the GPL 
requires.  Discussion here seems to echo this point.  Is this the case?

b) If given a), does that mean that the only circumstance in which I can 
use the software internally, without being compelled to release something 
publicly or pay licensing fees, is if I use it without modifications 
(aside from "fixes", as you describe)?

c) What's the boundary of "modifications"?  Let's say I take your code and 
integrate it one of ten different ways with other proprietary software.  I 
could do anything from link it statically to make calls over a web 
services API.  Given the nature of IC's technology, it's likely to be 
something very tightly linked into an I/O pipeline, probably as part of 
the same process space as an app server or even internet protocol server. 
Ideally we'd get a definition close to something like Mozilla's.

I like the direction this is taking.  I just want the social contract to 
be clear enough that we don't have to default to too many "trust us" kinds 
of responses, and to avoid scaring off potential users of this kind of